Time to Shine: Association Regulatory Advocacy Back in High Gear

Information destruction has been included in regulations that originally ignored it

Responsibility for the destruction of abandoned media has been addressed

Service provider qualifications and vendor selection due diligence are baked into regulations

Recycling is no longer considered adequate destruction under the law

As many readers know, after five years of relative calm on the regulatory side of things, the EU GDPR has set in motion an enormous amount of proposed legislation around the world, and across the US at the state level.

According to i-SIGMA CEO Bob Johnson, this is a time of great opportunity and enormous threat. “Most policymakers do not consider data disposal, whether on paper or electronic media, as a factor in proposed privacy and data protection law,” says Johnson. “They also often fail to consider the burden on the covered entity to validate the services provider’s qualifications. Therefore, not only do we have to make sure data destruction is in the law, but we also must make sure the unintended consequences don’t make things worse.

“It’s important that we help lawmakers get these initial laws right,” says Don Gerard, CSDS, of Land Shark Shredding and the newly appointed Chairman of the Government Relations Committee. “The laws that follow, whether in other states or at the national level, will refer to these laws being created now when crafting their own.”

Just this week, i-SIGMA provided input on a new state-level data protection law in the US.

“We are lucky to be invited to help craft these laws in the formative stages,” says Gerard. “Being invited to help write the regulations is much easier than trying to amend it after the fact.”

According to Johnson, there are more than a half dozen jurisdictions in the US and around the world where i-SIGMA is currently helping to shape new regulations.